Latest Articles

Hidden message in Verizon breach report

Last week, after I dropped clues that the cover of this year’s Verizon Data Breach Investigations Report contained a cryptographic challenge, several readers immediately jumped on the challenge.
In this blog post, Veracode’s Chris Eng provides a fun walk-through of how he decoded the pattern of 1s and 0s on the report’s cover and used a combination of Google searches and hidden clues to solve the puzzle.

Read more...

Dranzer: Fuzzing for ActiveX vulnerabilities

The United States Computer Emergency Readiness Team (US-CERT) has released a new ActiveX fuzzer to help developers pinpoint browser-based security vulnerabilities.
The tool, called Dranzer, lets software developers test ActiveX controls for vulnerabilities before the software is released to the public. It is available as an open-source utility.

Read more...

Hathaway, Obama administration swing and miss at RSA

Categories: Government

Much of the talk at the RSA Conference last week centered on the lack of a unifying theme or big-time story that usually emerges to take over the show by mid-week. But there was, in fact, a major story, and it was the abject failure of the Obama administration, in the person of Melissa Hathaway, to deliver any concrete details on its plans to drag the country’s information security infrastructure out of the quagmire it’s been in for nearly a decade.

Read more...

Following the RSA Conference Conversations

Categories: Compliance

By David Mortman
I always find RSA interesting because in addition to the official theme of the conference (what was this year’s anyway?) there is the unofficial theme, which usually comes from either the show floor (everyone remember how every year from 1999 through 2003 was “The Year of the PKI”?) or from the talks themselves.

Read more...

Frontline in phishing and online fraud still expanding

By George V. Hulme
As some consumers play a growing role in the fight against online fraud and phishing, others need more education on the problem. That’s the bottom line from a panel discussion that included risk managers from Bank of America, JP Morgan Chase, and PayPal.

Read more...

Conficker’s estimated cost? $9.1 billion

Categories: Malware

From ZDNet (Dancho Danchev)
In a recent blog post, the Cyber Secure Institute claims that, based on its previous studies into the average cost of such malware attacks, the economic loss due to the Conficker worm could be as high as $9.1 billion.
Even when the analysis assumes a much more limited infection rate (200,000 infected hosts), the institute claims the cost of the worm is still around $200 million. Read the full story [zdnet.com]

Read more...

Critical infrastructure security still lagging

Categories: Malware

The interdependencies and interconnections of the networks that run the country’s critical infrastructure assets such as water, power and gas have created a dangerously fragile system in which security is just now becoming a priority, experts say. For years the priorities for these networks have been safety, compliance and reliability, while security has only become a factor very recently, a panel of security officers from telecom and utility operators said at the RSA Conference on Thursday.

Read more...

Cybergangs use cheap labor to break codes on social sites

Categories: Web Security

From USA Today (Byron Acohido)
It’s become the new front in cybercrime: scams and identity-theft programs that attack e-mail accounts and users of social-networking sites such as Facebook and MySpace.
To carry out many of these automated attacks, cybercriminals first must overcome “captchas,” the distorted letters and characters that users of an e-mail or social-networking account are required to type to complete certain online forms. For years, captchas have helped to stop or bog down automated programs aimed at creating, among other things, e-mail accounts that promote scams such as fake computer virus protection and bogus accounts on social websites that can be used to collect personal information on legitimate users.

Read more...

Attackers becoming an industry of their own

Categories: Malware

From Wired.com (Kim Zetter)

Attackers are becoming more and more organized and efficient in their information-stealing efforts and are using tactics gleaned from security professionals to get better at what they do. In a panel discussion at the RSA Conference, Joe Stewart of SecureWorks said the trend toward organized, professional groups of attackers is moving to another level now.

Read more...